gdp's Comments

Francois Ropert's weblog : Francois Ropert weblog » Numéros de systèmes autonomes BGP, l’autre p&eacu

Wed, 19 Nov 2008 13:59:49 +0000

Pour les sensors wifi rien n'est sûr c'est encore un autre gros problème qui se prénomme "l'internet des objets", pour l'instant on ne voit que le haut de l'iceberg :) oui et une migration IPv6 et l'ASN 32bytes devrait aussi donner un peu de headhache si les schémas d'adressages v6 inclus l'ASN 32 bytes (c'est moins trivial qu'avec un ASN16). Sinon de manière plus générale, voici 6 manières de penser "ipv6" en business case: http://www.eweek.com/c/a/IT-Infrastructure/How-to...

Francois Ropert's weblog : Francois Ropert weblog » Map IP to BGP AS number python script

Wed, 5 Nov 2008 11:29:47 +0000

Thanks to Infosecplace.com that talk about the tool in his podcast series http://infosecplace.com/blog/2008/10/31/an-inform...

Francois Ropert's weblog : Francois Ropert weblog » SSH challenge #2 - Enable SSH without ip domain-name

Fri, 31 Oct 2008 13:00:50 +0000

Nice one! denyip has the solution :-)

Francois Ropert's weblog : Francois Ropert weblog » SSH challenge #1 - Version 1 automatically enabled

Fri, 31 Oct 2008 12:19:57 +0000

The answer is that SSH version 1 is automatically forced when the key size is below 768 bits. Spoke1(config)#$crypto key generate rsa general-keys label Spoke1.packetfault.org modulus 360 The name for the keys will be: Spoke1.packetfault.org % The key modulus size is 360 bits % Generating 360 bit RSA keys, keys will be non-exportable...[OK] Spoke1(config)# *Oct 30 15:47:55.658: RSA key size needs to be atleast 768 bits for ssh version 2 *Oct 30 15:47:55.658: SSH: host key initialised *Oct 30 15:47:55.666: %SSH-5-ENABLED: SSH 1.5 has been enabled *Oct 30 15:47:56.966: SSH: successfully generated server key

Francois Ropert's weblog : Francois Ropert weblog » SSH challenge #1 - Version 1 automatically enabled

Thu, 30 Oct 2008 14:38:00 +0000

Hello Flo, you are near the good answer. Keep the thought around RSA keys generation :)

Francois Ropert's weblog : Francois Ropert weblog » SSH challenge #1 - Version 1 automatically enabled

Thu, 30 Oct 2008 14:09:07 +0000

Just received false answer via MSN: The cause is not "auto secure ssh" The cause is not "ios version" No matter the hardware (at least last commands were from a Cisco) it's a SSH general behavior

Francois Ropert's weblog : Francois Ropert weblog » GET VPN notes

Thu, 30 Oct 2008 11:19:01 +0000

GET VPN is new to CCIE lab 3.0 and I love it!

Francois Ropert's weblog : Francois Ropert weblog » Cisco Secure Firewall Services Module (FWSM) Ciscopress book review

Thu, 30 Oct 2008 11:05:39 +0000

Cascading quadruple FWSM into a single failover process is not possible. So you can't have FWSM in Active/Standby/Standby/Standby. It works by pairs. If you have four 6500 and SUP720-3BXL and each one has a FWSM then you'll have two failover process completely independant from other.

Francois Ropert's weblog : Francois Ropert weblog » Map IP to BGP AS number python script

Fri, 24 Oct 2008 08:37:22 +0000

OoooOps! Don't take care of the usage() function. Definitely part of another script from my private toolbox :-)

Francois Ropert's weblog : Francois Ropert weblog » CCIE security lab preparation

Thu, 16 Oct 2008 02:11:29 +0000

Hello, CCIE v3 finally out! No MARS nor NAC! woosh :) http://denyip.wordpress.com/2008/10/16/ccie-secur...http://www.cisco.com/web/learning/le3/ccie/securi...http://www.cisco.com/web/learning/le3/ccie/securi...

Francois Ropert's weblog : Francois Ropert weblog » IDApython - Sort imported functions by xrefs count

Tue, 14 Oct 2008 13:01:37 +0000

Hi Phn1x, Thanks for comment and your suggestion.. I observe we read same blogs heh :-) 2cents on counting xrefs for all sections (especially for .text) can be very hard to be human-understandable if symbols are not present. Anyway, first pass about reversing and understanding functions roles could be done before (if you want the exact picture of the binary) or after if you only want the big picture including most xref'ed functions

Francois Ropert's weblog : Francois Ropert’s weblog » Hacking OSPF with cryptography protection enabled

Sun, 24 Aug 2008 05:53:34 +0000

Hello Jeffrey, In the doubt of an implementation bug I have used two different IOS in my testbed and tested the PoC on the other router. It definitely works. Now, speaking of sequence number, it works with a condition: that the packet you replay has a higher SEQnumber than the currently seqnumber send over the wire by the real router. In the case you try to hack with an inferior seq number, the packet is not processed and OSPF runs normally, no adjacaceny nor topology nor global ip routing table is impacted. If you send a higher SEQnumber, then we go into the INIT state as described in the blog post. Manral - who is the guy that outlined this in the draft without any reference to the cisco implementation. As Russ White said me off-blog, the best workaround is OSPFv3 and IPSEC :) Looks like we found a scenario where IPv6 can be argued as useful for security lol despite his many security by design flaws. Francois

Francois Ropert's weblog : Francois Ropert’s weblog » Hacking OSPF with cryptography protection enabled

Sat, 23 Aug 2008 02:37:35 +0000

Hi Jeffrey, Thanks for your message. The IOS I've tested is in the 12.0 train, the possibilty that it's an implementation bug is very strong indeed but anyway the flaw is here. I'm not claiming I discovered OSPF big flaw of the year, I'm not the OSPF Dan Kaminksy lol. Russel White from Cisco is aware of this OSPF theoric attack. I've just PoC it :] You could find information about other crypto flaws in his RFC draft http://tools.ietf.org/html/draft-manral-rpsec-exi...I've attached packet captures at the end of the article.

.:Computer Defense:. : [SecTor Review] TCP/IP Perversion

Mon, 18 Aug 2008 11:48:46 +0000

Nice concept!

Francois Ropert's weblog : Francois Ropert’s weblog » The damned subif bug of the day

Mon, 18 Aug 2008 09:54:29 +0000

Lessaid, it's normal, that's an ARP request. ARP reply is sent to the bad interface which leads to the impossibility to add a line in the arp cache. Anyway, static is not viable cuz I have to learn mac address dynamically in order to run mac address flooding then after ;)

Francois Ropert's weblog : Francois Ropert’s weblog » Layer 2 protocol tunneling in real world

Sun, 17 Aug 2008 12:42:25 +0000

Hello Surya! :-) Ha j'étais pas au courant, ils m'ont pas laissé de message sur le répondeur :)